Wednesday, 8 January 2014

Another calamity for the European Commission

The European Commission’s data protection spin doctors must
be weeping in frustration.

Last year, they were all working hard to reassure everyone that
the wheels had not come off the “Data Protection Regulation wagon”, and that
legislation would most definitely be in place before the European Parliamentary
elections later this summer. Last month’s
meeting of the Justice & Home Affairs Council indicated how the legislative
proposals were unravelling, and put paid to the fantasy that an agreement would
be in place by this summer. My blog of 11 December 2013 has more details.

What else could go wrong?

Well, yesterday, another issue emerged which again questions
how deeply committed the European Commission is to all this data protection
malarkey. It’s about the next European Data Protection Supervisor and his assistant.

First, a bit of background. A couple of years ago, the EDPS
was viewed by the European Commission as a job that was so important that the
jobholder must either be also Chair of the European Data Protection Board (the
reconstituted Article 29 Working Party), or be elected as one of the two Deputy
Chairpersons.

That proposal didn’t go down too well with the other Data
Protection Commissioners, nor anyone else who felt that a bit more democracy
might be in order within the European Data Protection Board. Others were envious of the ability of his office to grow in
size so quickly – from a man+dog a decade ago to some 50 officials today. A
number of Data Protection Commissioners would dearly love to have that level of
resources within their own countries.

Conspiracy theorists will have a field day asking whether
the EDPS has recently been cut down to size, as it has emerged that there is
no-one to replace the Supervisor, or his deputy, when their term of office
officially ends next week.

Both are appointed by the European Parliament and the Council
for a term of 5 years on the basis of a list drawn up by the Commission following
a public call for candidates. I’m not aware that this public call for either post
has yet been made, and it is likely that there will be a long delay before the
new bod gets the nod.

So, will the office of the EDPS be leaderless for a period –
and more importantly, will anyone notice?

The (soon-to-be former) EDPS is billed to speak at the
Computers, Privacy & Data Protection conference at the end of the month
(see yesterday’s blog). But whether he’ll bother turning up, given how his post
has been treated, is a moot point. I’ll let you know.

I am available if an interim European Data Protection
Supervisor is required from next week. I must admit that I’m not as wedded to
the Data Protection Directive as the incumbent has been over the past few
years. I prefer a more pragmatic approach. Nor, for obvious reasons, do I have
a friendly relationship with the Data Protection Taliban. But I am an entertaining conference
speaker, and am happy to cross the globe to earnestly debate issues that
require addressing at such international events.

About Me

I'm Martin Hoskins, and I write this blog to offer somewhat of an irreverent approach to data protection issues. I'm not one of the "high priests" of data protection. I prefer the principles of transparency, fairness, practicality and risk-assessment over tedious technical dogma. In my view, when the law is unfair or impractical, it should be queried.
While I may, occasionally, gently criticise various organisations with which I am or have been associated, I write here in an entirely personal capacity. My comments should never be taken to represent anyone else's views about any of the pressing issues of the day.
There is a much more serious side to my privacy consulting work, but for that you'll need to contact me at Grant Thornton UK LLP, where I'm an Associate Director, leading the UK privacy practice.
I tweet as @DataProtector.
You can contact me at:
martin.c.hoskins@uk.gt.com, or (with respect to my less serious posts) info@martinhoskins.com.